Beatland Festival
First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

[L-1]: `BeatToken.sol` cannot be reused for other festival contracts due to immutable address of `festivalContract`

mddragon18

BeatToken::setFestivalContract has an immutable revert condition that prevents the change of address of festivalContract for upgradabilty

Description

  • setFestivalContract function can only be called once by the owner , this prevents the BeatToken contract to change festivalContract address in future if upgradability is desired.

function setFestivalContract(address _festival) external onlyOwner {
@> require(festivalContract == address(0), "Festival contract already set");
festivalContract = _festival;
}

Risk

Likelihood:

  • Reason 1 : This will occur whenever the owner would like to change the festivalContract address.

Impact:

  • This impacts the protocols ability to reuse the BeatToken contract for other festival contracts , hindering future upgradability.

Proof of Concept

function test_SetFestivalContract_afterFirstAssign() public {
beatToken.setFestivalContract(festivalContract);
assertEq(beatToken.festivalContract(), festivalContract);
beatToken.setFestivalContract(festivalContract); // will fail
}

Recommended Mitigation

function setFestivalContract(address _festival) external onlyOwner {
- require(festivalContract == address(0), "Festival contract already set");
+ require(festivalContract != address(0), "Festival contract cannot be zero");
festivalContract = _festival;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

`setFestivalContract` only callable once

This is intended. It's done like that because the festival contract requires beat token's address and vice versa.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.